Detection of advanced persistent threat using machine-learning correlation analysis

Ghafir, I, Hammoudeh, M, Prenosil, V, Han, L, Hegarty, R ORCID: https://orcid.org/0000-0003-3805-5974, Rabie, K and Aparicio-Navarro, F 2018, 'Detection of advanced persistent threat using machine-learning correlation analysis' , Future Generation Computer Systems, 89 , pp. 349-359.

PDF - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.

PDF - Published Version
Restricted to Repository staff only

Abstract

As one of the most serious types of cyber attack, Advanced Persistent Threats (APT) have caused major concern on a global scale. An APT is a persistent, multi-stage attack whose intention is to compromise a system and exfiltrate information from the targeted system, with the potential to cause significant damage and substantial financial loss. The accurate detection and prediction of APT is an ongoing challenge. This work proposes a novel machine learning-based system, MLAPT, which can accurately and rapidly detect and predict APT attacks in a systematic way. MLAPT runs through three main phases: (1) Threat detection, in which eight methods have been developed to detect the different techniques used during the various APT steps; the implementation and validation of these methods on real traffic is a significant contribution to the current body of research. (2) Alert correlation, in which a correlation framework is designed to link the outputs of the detection methods and identify alerts that could be related and belong to a single APT scenario. (3) Attack prediction, in which a machine learning-based prediction module, built on the output of the correlation framework, is proposed for use by the network security team to determine the probability that early alerts will develop into a complete APT attack. MLAPT is experimentally evaluated and the presented sys

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering
Journal or Publication Title: Future Generation Computer Systems
Publisher: Elsevier
ISSN: 0167-739X
Depositing User: Dr R Hegarty
Date Deposited: 03 Feb 2020 12:24
Last Modified: 04 Mar 2020 11:15
URI: http://usir.salford.ac.uk/id/eprint/56341